Major Security Breach at MobiKwik - ₹40 Crore Lost! 🚨

[TechnoFinoTechnoFino is verified member.]

Hey TFCians,

Here’s some disturbing news from the digital payments space - MobiKwik has suffered a massive security breach, with fraudulent transactions amounting to nearly ₹40 crore over just two days (September 11–12, 2025).

What Actually Happened (As Per MobiKwik’s Official Statement)​

According to the company, an isolated internal technical issue after a software update caused some failed transactions to be incorrectly marked as successful, leading to unauthorized payouts to certain merchants in and around Nuh, Haryana.​

• Some merchants and users from this region exploited the glitch to gain undue financial benefit.
• MobiKwik confirmed the issue was identified in the early hours of September 12 and resolved within 45 minutes.
• The company insists this was not a cybersecurity breach, but an internal processing error.
• Importantly, no UPI, Wallet payments, or customer account balances were affected. No user data or credentials were compromised either.

The Money Trail​

• As per the company’s SEBI filing, an FIR was lodged for ₹40 crore.
• So far, around ₹14 crore has been recovered, leaving a net estimated impact of ₹26 crore.
• Over 2,000 merchant bank accounts have been frozen, and multiple arrests have been made.
• Active recovery efforts are ongoing with the police and legal enforcement agencies.

Police & Investigation​

The Haryana police are treating this as a case of collusion between registered merchants and users from limited locations. They’ve already frozen accounts and confirmed arrests. Investigators have stated that no MobiKwik employees, insiders, or KMPs are involved.

History Repeats Itself​

This isn’t MobiKwik’s first major mishap. Back in 2017, they were defrauded of ₹19 crore in a similar scam.

And let’s not forget—MobiKwik has a track record of shady practices:

• They re-invested customer money into P2P lending without consent, leaving many users stranded and still waiting for their funds. Here is the detail: https://technofino.in/community/thr...2p-lenders-money-without-their-consent.31583/
• Now, once again, customer trust has been put at risk because of poor system security and negligence.

Why This Matters​

While MobiKwik stresses that no customer directly lost money this time, the fact remains that:​

• The company has admitted to a serious internal lapse in transaction processing.
• This isn’t the first time MobiKwik’s systems or governance have been questioned.
• A listed fintech company repeatedly making such errors raises doubts about its ability to handle crores of daily transactions safely.

A Hard Lesson?​

Call it negligence or call it karma—but MobiKwik’s repeated failure to protect its systems is truly alarming. For a company handling crores in digital transactions every single day, this level of carelessness is unacceptable. How can the same platform fall victim to such scams again and again, without even noticing until it’s too late?

This time, no customer directly lost money—the funds were debited from MobiKwik’s internal pool account, so the company itself has taken the hit. Still, that doesn’t excuse the repeated lapses in security and governance.

Meanwhile, the Nuh Police has appealed to the public to report any unexplained cash credits received on September 11–12. The case is under investigation for cheating and dishonest misappropriation of property.

What do you think, TFians? Should regulators finally take a tougher stance against wallets like MobiKwik that keep putting trust at risk—even though this time the company bore the loss? After all, they are a listed company now. Or will this just be another incident where accountability gets brushed under the carpet?

 

[hellowo₹ld]

first they should regulate this auto save cards without giving option to user.

asking for sms or location permission without needed.

etc.

 

[karanssh]

more details are here